Direct Federal will never call, email, or text you and ask for your Online Banking credentials or verification code. If you receive a communication that fits this description, please call us 888.2DIRECT.
A number of institutions have reported an increase in fraud attempts. These fraud attempts have followed three different scenarios, all of which are designed to ultimately provide the fraudsters access to people’s online and mobile accounts. We want to make you aware of these scenarios, and inform you what you can do to protect yourself.
Fraudulent email or text message claiming to come from a legitimate business
Fraudulent telephone call claiming to come from a legitimate business
Fraudulent websites intended to look like the websites of large, well-known businesses
Direct Federal will never email you and ask you for personal information. Phishing is the most common method of cyber attack and occurs when the cybercriminal emails you and tries to get you to click a malicious link, reply with personal and confidential information, or download a corrupt file. These emails may have the Direct Federal logo, may have our name listed, and even look like they are coming from us.
Tips to look for:
Spelling and grammatical errors
Subtle typos in the sender’s email address (i.e. email@example.com)
A link that leads to a different site than mentioned in the message. You can hover over the link to see the full URL that the link wll bring you to.
REMINDER | Direct Federal will never ask you to provide confidential information such as your account number, PIN, password or Login ID via email.
Direct Federal will never call you and ask you for personal information. Vishing is similar to what we discussed above but it happens over the phone. The cybercriminal will use personal information they have previously accessed about you and call and pretend to be your credit union or bank. They will try to get you to reveal your username, password, or PIN.
Tips to look for:
An unfamiliar or unknown caller ID
A caller who claims to be a bank employee saying there is an issue with your account
A caller who doesn’t answer your questions or provide additional information when questioned
REMINDER | Direct Federal will never call you and ask you to provide confidential information. If this occurs, please hang up and call back our main number—888.2DIRECT.
Direct Federal will never text you asking you to conduct a specific transaction, click on a link, or download an app other than our mobile app. Cybercriminals will text you and try to get you to either call a specific number or do a specific action.
Tips to look for:
Spelling and grammatical errors
Sent from an unfamiliar number
Contains an embedded link
REMINDER | Never reply or take action from unknown senders.
If you are concerned that any of these scenarios may have happened to you (clicked on a link from a suspicious email, downloaded an app from a suspicious text message, provided information to a suspicious caller, or inadvertently clicked on a link or called a number on a fraudulent website), please contact us so that we can review your accounts with you, and if need be, take steps to ensure they are secure.
We want our members to stay apprised of best practices in managing finances, and will continue to post updates regarding recent fraud cases in our community on our website. Should you have any questions, please call us at 888-2Direct.
Password protect your devices when not in use to prevent unauthorized access and to protect yourself in case your device is lost or stolen.
Create strong, unique passwords.
Passwords should be 8 or more characters long and include a combination of numbers, symbols and upper, and lowercase letters.
Use multi factor authentication.
Enable multi-factor authentication for each time your access online banking. Multicolor authentication is a method in which your device is granted access after successfully providing two or more pieces of information.
Don't keep your accounts logged in.
When you are done with online banking, log out.
Avoid banking on public Wi-Fi.
Public Wi-Fi isn't very secure. Avoid accessing online banking on public Wi-Fi. Save that for a secure network at home.
Don't access your online account from a shared computer.
Avoid accessing your Direct Federal account from a computer that is not yours or is a shared computer.
Don't provide personal or account information.
Direct Federal will not ask for you to supply personal information, such as your social security number or account number, via text or email. Be suspicious of any unsolicited requests for your information. When in doubt, contact Direct Federal immediately.
Don't provide your Direct Federal account or personal information via email.
Direct Federal will never ask for information like your social security number, account information, or credit card information via email.
Do check your Direct Federal accounts regularly for unauthorized monetary activity.
Make it a habit to check your Direct Federal account transactions frequently for any unauthorized charges or withdrawals. Report any fraudulent charges immediately to us.
Do report lost/stolen cards right away.
If your debit or credit card is lost or stolen, report it right away.
Equal Opportunity Lender. Your savings federally insured to at least $250,000 and backed by the full faith and credit of the United States Government. National Credit Union Administration, a U.S. Government Agency.
The fraudsters send emails or text messages to people claiming to be legitimate businesses. The emails or text messages indicate that there is a problem with the person’s computer or cellphone service, or a problem with one of the person’s business relationships. In the case of an email, the fraudsters ask the person to click on a link contained in the email to resolve the problem. In the case of a text message, they ask the person to download an app to their phone. In either case, if the person does so, the fraudsters can install malware on the computer or cellphone. The malware allows the fraudsters to monitor all activity on the computer or cellphone, including the entry of usernames and passwords. Additionally, sometimes the email or text will contain a phone number the fraudsters ask the person to call to resolve the issue. If they call the number, the fraudsters will claim they need personal information or login credentials in order to resolve the fictitious problem.
If you are at all suspicious of an email or text you receive, do not click on any links or download any apps. Keep your credentials safe and to yourself. Never provide personal information, your username, or your password to anyone. Use strong passwords on all your accounts and use different passwords on each account. If you are suspicious of a call you receive, hang-up, and call the business directly.
The fraudsters call people claiming to be from legitimate businesses or financial institutions. The caller usually suggests that a transaction was made in error and that online banking login credentials and other personal information are needed to reverse the charges.
If you receive a call from someone suggesting they are from a business or your financial institution, please do not provide any personal information or login credentials. As a reminder, Direct Federal will never call you and ask for your social security number, birthdate, or login credentials. If you are unsure about the legitimacy of the call, please end the call and call the business or your financial institution directly to verify.
The fraudsters establish websites that look very much like the websites of large, well-known businesses. People have a legitimate need to visit one of the businesses’ sites, and inadvertently end up at the fraudster’s site. They click on a link which, unbeknownst to the person, installs malware on their computer as in Scenario 1. Alternatively, the person calls a “customer service” telephone number listed on the fraudulent site, and the fraudsters are able to convince the person to provide sensitive, personal information.
To ensure that you are visiting the website you intend, type the website address directly in the address bar. Once at the site, watch for red flags such as unusual advertisements or links to seemingly unrelated companies.